Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A data encryption system, comprising: a storage device adapted to store data D, the storage device including: an encryption/decryption module adapted to randomly generate a device key seed S d according to a time interval between two specific operations on the storage device, and adapted to apply the generated device key seed S d to data encryption of the data D, wherein the storage device is adapted to randomly generate the device key seed S d in response to interrupts that notify the storage device of occurrence of the two specific operations.
A data encryption system includes a storage device. The storage device's encryption module generates a device key seed randomly based on the time interval between two specific operations occurring on the storage device. This key seed is then used to encrypt data stored on the device. The key seed generation is triggered by interrupts that signal the occurrence of these specific operations.
2. The system of claim 1 , further comprising: a host adapted to receive the generated device key seed S d from the storage device, to generate a host key seed S h , to generate a first key K n according to the received device key seed S d , to encrypt the generated host key seed S h using the generated first key K n , and to transmit the encrypted host key seed K n (S h ) to the storage device, wherein the storage device is further adapted to generate the first key K n according to the device key seed S d , to decrypt the transmitted encrypted host key seed K n (S h ) using the generated first key K n to obtain the host key seed S h , to generate a second key K n+1 according to the obtained host key seed S h and the device key seed S d , and to encrypt the data D using the generated second key K n+1 .
The data encryption system described in the previous claim further comprises a host that receives the device key seed from the storage device. The host then generates its own host key seed and a first key based on the received device key seed. The host encrypts its key seed using this first key and transmits the encrypted host key seed back to the storage device. The storage device decrypts the host key seed using a locally generated first key. Finally, the storage device creates a second key using both the decrypted host key seed and the original device key seed. This second key encrypts the data.
3. The system of claim 2 wherein the host is further adapted to receive the encrypted data K n+1 (D) from the storage device, to generate the second key K n+1 according to the host key seed S h and the device key seed S d , and to decrypt the encrypted data K n+1 (D) using the generated second key K 1+1 to obtain the data D.
Building on the previous claims, after the storage device encrypts the data and sends it to the host, the host decrypts the encrypted data. Specifically, the host receives the encrypted data and then generates the same second key using the host key seed and the device key seed. Finally, the host decrypts the encrypted data using this generated second key to retrieve the original data.
4. The system of claim 1 wherein one of the specific operations is received on the storage device, and corresponds to a control transmission defined by USB (Universal Serial Bus).
In the data encryption system where the device key seed is generated based on the time interval between two specific operations occurring on the storage device, one of these specific operations is a control transmission received on the storage device as defined by the Universal Serial Bus (USB) standard.
5. The system of claim 4 wherein the control transmission includes at least one of status getting, feature clearing, feature setting, address setting, descriptor getting, descriptor setting, configuration getting, configuration setting, interface getting, interface setting, or frame synchronization.
Continuing from the previous claim, within the USB control transmission that triggers the key seed generation, the control transmission can be any one of these USB operations: status getting, feature clearing, feature setting, address setting, descriptor getting, descriptor setting, configuration getting, configuration setting, interface getting, interface setting, or frame synchronization.
6. The system of claim 1 wherein one of the specific operations is received on the storage device, and corresponds to a normal data transmission defined by USB (Universal Serial Bus).
In the data encryption system where the device key seed is generated based on the time interval between two specific operations occurring on the storage device, one of these specific operations is a normal data transmission received on the storage device as defined by the Universal Serial Bus (USB) standard.
7. A data encryption method, comprising: randomly generating a device key seed S d according a time interval between two specific operations on a storage device; and applying the generated device key seed S d to data encryption of data D, wherein the device key seed S d is said randomly generated in response to interrupts that notify the storage device of occurrence of the two specific operations.
A data encryption method involves randomly generating a device key seed based on the time interval between two specific operations occurring on a storage device. This key seed is then used to encrypt data stored on the device. The key seed generation is triggered by interrupts that signal the occurrence of these specific operations.
8. The method of claim 7 , further comprising: transmitting by the storage device the generated device key seed S d to a host; receiving by the storage device from the host an encrypted host key seed K n (S h ), wherein S h is a host key seed generated by the host and K n is a first key generated by the host according to the device key seed S d transmitted by the storage device; generating by the storage device the first key K n according to the device key seed S d ; decrypting by the storage device the received encrypted host key seed K n (S h ) using the generated first key K n to obtain the host key seed S h ; generating by the storage device a second key K n+1 according to the obtained host key seed S h and the device key seed S d ; and encrypting by the storage device the data D using the generated second key K n+1 .
Expanding on the previous method, the storage device transmits the device key seed to a host. The storage device receives an encrypted host key seed from the host, where the host key seed was generated by the host and encrypted using a first key derived from the device key seed. The storage device decrypts the received encrypted host key seed using the same first key. A second key is then generated on the storage device using both the decrypted host key seed and the original device key seed. This second key is used to encrypt the data.
9. The method of claim 8 , further comprising: transmitting by the storage device the encrypted data K n+1 (D) to the host so as to enable the host to: generate the second key K n+1 according to the host key seed S h and the device key seed S d in the host; and decrypt the encrypted data K n+1 (D) using the generated second key K 1+1 to obtain the data D.
In addition to the previous method, the storage device transmits the encrypted data to the host. The host is then able to generate the same second key using the host key seed and the device key seed. The host then decrypts the encrypted data using the generated second key to retrieve the original data.
10. The method of claim 7 wherein one of the specific operations is received on the storage device, and corresponds to a control transmission defined by USB (Universal Serial Bus).
In the data encryption method where the device key seed is generated based on the time interval between two specific operations occurring on the storage device, one of these specific operations is a control transmission received on the storage device as defined by the Universal Serial Bus (USB) standard.
11. The method of claim 10 wherein the control transmission includes at least one of status getting, feature clearing, feature setting, address setting, descriptor getting, descriptor setting, configuration getting, configuration setting, interface getting, interface setting, or frame synchronization.
Continuing from the previous method, within the USB control transmission that triggers the key seed generation, the control transmission can be any one of these USB operations: status getting, feature clearing, feature setting, address setting, descriptor getting, descriptor setting, configuration getting, configuration setting, interface getting, interface setting, or frame synchronization.
12. The method of claim 7 wherein one of the specific operations is received on the storage device, and corresponds to a normal data transmission defined by USB (Universal Serial Bus).
In the data encryption method where the device key seed is generated based on the time interval between two specific operations occurring on the storage device, one of these specific operations is a normal data transmission received on the storage device as defined by the Universal Serial Bus (USB) standard.
13. The system of claim 1 wherein the encryption/decryption module is further adapted to randomly generate the device key seed S d according to an occurrence time of one of the specific operations as obtained from a clock.
Expanding on the system where a device key seed is generated based on the time interval between two specific operations, the encryption module can *also* randomly generate the device key seed according to the precise time a specific operation occurs, obtaining the time from a clock.
14. The method of claim 7 , further comprising randomly generating the device key seed S d according to an occurrence time of one of the specific operations as obtained from a clock.
Expanding on the method where a device key seed is generated based on the time interval between two specific operations, the device key seed can *also* be generated randomly according to the precise time a specific operation occurs, obtaining the time from a clock.
15. A tangible non-transitory computer-readable medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising: randomly generating a device key seed S d according a time interval between two specific operations on a storage device; and applying the generated device key seed S d to data encryption of data D, wherein the device key seed S d is said randomly generated in response to interrupts that notify the storage device of occurrence of the two specific operations.
A non-transitory computer-readable medium stores instructions that, when executed, cause a device to perform data encryption by: randomly generating a device key seed based on the time interval between two specific operations on a storage device; and applying this key seed to encrypt the data. The key seed generation is triggered by interrupts that signal the occurrence of these operations.
16. The tangible computer-readable medium of claim 15 wherein the computer-executable instructions, if executed by the computing device, cause the computing device to perform the method that further comprises: transmitting by the storage device the generated device key seed S d to a host; receiving by the storage device from the host an encrypted host key seed K n (S h ), wherein S h is a host key seed generated by the host and K n is a first key generated by the host according to the device key seed S d transmitted by the storage device; generating by the storage device the first key K n according to the device key seed S d ; decrypting by the storage device the received encrypted host key seed K n (S h ) using the generated first key K n to obtain the host key seed S h ; generating by the storage device a second key K n+1 according to the obtained host key seed S h and the device key seed S d ; and encrypting by the storage device the data D using the generated second key K n+1 .
The computer-readable medium of the previous claim also includes instructions for: transmitting the device key seed to a host; receiving an encrypted host key seed from the host (where the host encrypted its key using a first key derived from the device key seed); generating a first key according to the device key seed; decrypting the received encrypted host key seed; generating a second key using both the decrypted host key seed and the device key seed; and encrypting the data using the generated second key.
17. The tangible computer-readable medium of claim 16 wherein the computer-executable instructions, if executed by the computing device, cause the computing device to perform the method that further comprises: transmitting by the storage device the encrypted data K n+1 (D to the host so as to enable the host to: generate the second key K n+1 according to the host key seed S h and the device key seed S d in the host; and decrypt the encrypted data K n+1 (D) using the generated second key K n+1 to obtain the data D.
Building on the previous computer-readable medium claims, further instructions exist for: transmitting the encrypted data to the host, which enables the host to generate the same second key using the host key seed and device key seed, and then decrypt the encrypted data using that second key to recover the original data.
18. A tangible computer-readable medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising: sending by a host a request for data D to a storage device, wherein the storage device randomly generates a device key seed S d according a time interval between two specific operations on the storage device; receiving by the host the generated device key seed S d ; generating by the host a host key seed S h ; generating by the host a first key K n according to the received device key seed S d ; encrypting by the host the host key seed S h using the generated first key K n ; and transmitting by the host the encrypted host key seed K n (S h ) to the storage device to enable the storage device to: generate the first key K n according to the device key seed S d ; decrypt the transmitted encrypted host key seed K n (S h ) using the generated first key K n to obtain the host key seed S h ; generate a second key K n+1 according to the obtained host key seed S h and the device key seed S d ; and encrypt the data D using the generated second key K n+1 to obtain encrypted data K n+1 (D).
A computer-readable medium with instructions for a host to request data from a storage device, where the storage device generates a device key seed based on the time interval between two specific operations. The host: receives the device key seed; generates a host key seed; generates a first key based on the received device key seed; encrypts its host key seed using this first key; and transmits the encrypted host key seed to the storage device. This allows the storage device to: generate the same first key; decrypt the encrypted host key seed; generate a second key using both seeds; and encrypt the requested data using the second key.
19. The tangible computer-readable medium of claim 18 wherein the computer-executable instructions, if executed by the computing device, cause the computing device to perform the method that further comprises: receiving by the host the encrypted data K n+1 (D); generating by the host the second key K n+1 according to the host key seed S h and the device key seed S d ; and decrypting by the host the encrypted data K n+1 (D) using the generated second key K n+1 to obtain the data D.
The computer-readable medium from the previous claim also includes instructions that enable the host to: receive the encrypted data; generate the second key using the host key seed and the device key seed; and decrypt the encrypted data using the generated second key to retrieve the original data.
20. The tangible computer-readable medium of claim 18 wherein the device key seed S d is also randomly generated by the storage device according to an occurrence time of one of the specific operations as notified by an interrupt.
Further specifying the previous claims about the computer-readable medium, the device key seed is randomly generated by the storage device based on either the time interval between two specific operations *or* the precise time a specific operation occurs, as signaled by an interrupt.
21. A host apparatus, comprising: means for sending a request for data D to a storage device, wherein the storage device randomly generates a device key seed S d according a time interval between two specific operations on the storage device; encryption/decryption means for: receiving the generated device key seed S d ; generating a host key seed S h ; generating a first key K n according to the received device key seed S d ; encrypting the host key seed S h using the generated first key K n ; and transmitting the encrypted host key seed K n (S h ) to the storage device to enable the storage device to: generate the first key K n according to the device key seed S d ; decrypt the transmitted encrypted host key seed K n (S h ) using the generated first key K n to obtain the host key seed S h ; generate a second key K n+1 according to the obtained host key seed S h and the device key seed S d ; and encrypt the data D using the generated second key K n+1 to obtain encrypted data K n+1 (D).
A host apparatus comprises: means for requesting data from a storage device which generates a device key seed based on the time interval between two specific operations; and encryption/decryption means for: receiving the device key seed; generating a host key seed; generating a first key based on the device key seed; encrypting the host key seed; and transmitting the encrypted host key seed to the storage device. This enables the storage device to generate the same first key, decrypt the host key seed, generate a second key from both seeds, and encrypt the data.
22. The host apparatus of claim 21 wherein the encryption/decryption means further is for: receiving the encrypted data K n+1 (D); generating the second key K n+1 according to the host key seed S h and the device key seed S d ; and decrypting the encrypted data K n+1 (D) using the generated second key K n+1 to obtain the data D.
The host apparatus from the previous claim further includes encryption/decryption means for: receiving the encrypted data from the storage device; generating the second key using the host key seed and device key seed; and decrypting the encrypted data using the generated second key to retrieve the original data.
23. The host apparatus of claim 21 wherein the device key seed S d is also randomly generated by the storage device according to an occurrence time of one of the specific operations as notified by an interrupt.
Expanding on the previous claims about the host apparatus, the device key seed is randomly generated by the storage device based on either the time interval between two specific operations *or* the precise time a specific operation occurs, as signaled by an interrupt.
Unknown
January 6, 2015
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.